package com.elves.cloud.config;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.oauth2.client.registration.ClientRegistration;
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
import org.springframework.security.oauth2.client.registration.InMemoryClientRegistrationRepository;
import org.springframework.security.oauth2.core.AuthorizationGrantType;
import org.springframework.security.web.SecurityFilterChain;

import static org.springframework.security.config.Customizer.withDefaults;

/**
 * 没起效
 * fuck
 * 咋搞？
 */

@Configuration
//@EnableWebSecurity
public class SecurityConfig {

    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        String[] excludeUris = {"/login", "/time", "/favicon.ico"};
        http
                .authorizeHttpRequests(authorize -> authorize
//                        .requestMatchers(excludeUris).permitAll()
//                        .requestMatchers(
//                                "/admin/*").hasRole("ADMIN")
//                        .requestMatchers(
//                                "/openid/*").hasAuthority("openid")
//                        .requestMatchers(
//                                "/gitee/*").hasAuthority("projects")
//                        .requestMatchers(
//                                "/projects/*").hasRole("projects")
//                        .requestMatchers(
//                                "/user/*").hasAnyAuthority()
                        .anyRequest().authenticated()
                )
                .oauth2Login(withDefaults());
        return http.build();
    }

    /**
     * 这个代码有毒，不能注入Bean
     * @return
     */
//    @Bean
    public ClientRegistrationRepository clientRegistrationRepository() {
//        return new InMemoryClientRegistrationRepository(this.giteeClientRegistration());
        return new InMemoryClientRegistrationRepository(this.springClientRegistration());

    }

    private ClientRegistration giteeClientRegistration() {
        return ClientRegistration.withRegistrationId("gitee")
                .clientId("4e146a02beed09f85193ccb43572e973a8652b9ad6692af9e6f687fe39e25a0a")
                .clientSecret("1c583d85644bdd2bfbfc407fd418a91d24d4ffbf54e3fb61135421b6de51f460")
                .authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
                .redirectUri("{baseUrl}/login/oauth2/code/{registrationId}")
                .authorizationUri("https://gitee.com/oauth/authorize")
                .tokenUri("https://gitee.com/oauth/token")
                .userInfoUri("https://gitee.com/api/v5/user")
                .userNameAttributeName("name")
                .clientName("gitee")
                .build();
    }

    private ClientRegistration springClientRegistration() {
        return ClientRegistration.withRegistrationId("login-client")
                .clientId("login-client")
                .clientSecret("openid-connect")
                .authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
                .redirectUri("{baseUrl}/login/oauth2/code/{registrationId}")
                .authorizationUri("http://localhost:9000/oauth2/authorize")
                .tokenUri("http://localhost:9000/oauth2/token")
//                .userInfoUri("http://localhost:9000/userinfo")
//                .userNameAttributeName("sub")
                .clientName("login-client")
                .scope("openid","profile")
                .build();
    }
}
